newttster

http://www.speedtest.net/result/2553899537.png

I'm not a complete moron ... of course I see the difference. But each one of us has a different way of criticizing others. Guests' way is by being brutally honest and he holds back nothing. I get where you are coming from Alain ... but I would much rather see his type of honesty than others I have seen here. Besides all of which ... you as mod have the capability of deleting out what you find offensive in a post. If something he says does not suit your sensibilities then fix it. Threatening to ban him just promotes dissension for nothing.

Then people are taking it personally as opposed to it being constructive criticism. In the situation you are pointing out ... again he is criticizing the code/mod rather than the person. Obviously this is not something that we will agree on because people are too quick these days to take things personally rather than the intent behind it. Not too mention the political correctness that we must all submit to now. If people can't accept criticism as it was meant ... to help, to get people to think along new lines, to expand their knowledge ... whatever ... then perhaps they need to look elsewhere for their entertainment.

My apologies but that is not what I understood from that.

Have an accumulation field. Once they get to a certain number ... award them with a weapon/armour/whatever that can't be purchased in game. Maybe donator days. There are tons of things that you could award them with.

I have to agree with you, Peter. Threatening to ban someone because you don't like their opinion is one sure way to kill the forum that you, Alain, state are trying to keep alive. If he were attacking you personally that would be entirely different ... he is not. He is not "flaming" you personally. Guest doesn't like your coding style or engine then that is his choice. Saying you will ban him because you don't like his posts brings the whole discussion down to a kindergarten level. That will surely keep the forum open. I don't see his posts as being negative or flaming ... I see them as an opportunity for everyone to improve what they are doing. He has often posted solutions or helped others behind the scenes. And when you get right down to it ... isn't that what we are all here for. To learn. To help. To grow.

Gratz on one year, Alain. May you celebrate many more.

Sent. And thank you.

Gotcha. I just saw that and it makes sense. Was so caught up in the REF / ref that I didn't pay attention to the name. *facepalms* No ... nothing is inserted into the db, there is no event stating that so and so signed up with their referal.Nothing is awarded to the referrer. Nothing. The rest of the register.php file works correctly. Even the promo code works fine.

I'll be honest ... I've tried changing them all to REF ... changing them to ref ... a mix of both and nothing has worked. This is one thing that has been driving me nuts about the register.php file. The one thing that I don't understand is how the $_POST['ref'] is supposed to be getting the information from the $_GET['REF'].

I've looked and as far as I have seen ... no one has solved this yet. Is there anyone that has figured out how to get the referals to work? This is the code that I have for all the referal stuff. register.php info $_POST['ref'] = (isset($_POST['ref']) && is_numeric($_POST['ref'])) ? abs(intval($_POST['ref'])) : ''; $IP = $db->escape($_SERVER['REMOTE_ADDR']); if ($_POST['ref'] > 0) { $q = $db->query("SELECT `lastip` FROM `users` WHERE `userid` = {$_POST['ref']}"); if ($db->num_rows($q) == 0) { echo "Referrer does not exist.<br /> > <a href='register.php'>Back</a>"; exit; } $rem_IP = $db->fetch_row($q); if ($rem_IP == $_SERVER['REMOTE_ADDR']) { echo "No creating referral multies.<br /> > <a href='register.php'>Back</a>"; exit; } }   if ($_POST['ref']) { $db->query("UPDATE `users` SET `crystals` = `crystals` + 200 WHERE `userid` = {$_POST['ref']}"); event_add($_POST['ref'], "For refering $username to the game, you have earned 200 valuable crystals!", $c); $e_rip = $db->escape($rem_IP); $db->query("INSERT INTO `referals` VALUES(NULL, {$_POST['ref']}, $i, unix_timestamp(), '{$e_rip}', '$IP')"); }   <input type=hidden name=ref value=' <?php $_GET['REF'] = abs((int) $_GET['REF']); if($_GET['REF']) { print $_GET['REF']; } ?> ' />   And yes ... on the explore.php file it is set up as http://www.XXXXX/register.php?REF=#

Sweet. As to opening the $link ... can it be done the way I asked about previously?

AWESOME!!! I am probably dating myself here (shrugs) but I have to say, illusions ... I really enjoyed this. It very much reminded me of a lot of music from the eighties ... an era of music that I just love. Keep up the excellent work and post more! I have this song bookmarked so that I can listen to it over and over. ;) Have you ever tried to work with Reason? A friend works with it all the time. It is (from what he has explained about it) a complete studio package in one. Mixers, instruments ... everything, apparently.

Thanks, Aventro. But I still need to know/understand how to work with the $link and mysqli_close($link); as the mysqli.prepare also uses this as well.

I'm pretty sure that some of you may think that I am beating a dead horse here, but I am really trying to get a handle on this stuff. In regards to mysqli_real_escape_string() it requires two parameter. The example they use in the manual is $city = mysqli_real_escape_string($link, $city); They have $link = mysqli_connect("localhost", "my_user", "my_password", "world"); . At the bottom of the example for the procedural style they also have mysqli_close($link);   My question is this ... could I set up the $link in the config file using the same info that is used for the $_CONFIG array? Because the config.php file is included in the globals.php file it would be recognized through out any files that call the globals.php file, would it not? As to mysqli_close($link); would I then place it just before the $h->endpage(); or would I place it just before the closing php? I am really confused about this. I know that I could just use mysql_real_escape_string() but the manual says that it will eventually be removed from use so I would just as soon know how to do this now rather than try and do it later when it is actually removed. Any help would be really appreciated. Thank you.

Welcome back. It will be interesting to see what you do with your old/new/old??? stuff. ;)

It might help if you state what kind of images etc. What you are willing to pay? When you need it done by?

@ Aventro ... while I appreciate that working with prepared statements (from what I have read) would absolutely be the way to go. Having said that ... it would be the way to go if you are starting with a brand new project. It would be damn difficult to do so with McCodes.   It's the same kind of principle as having a condom and not needing as opposed to not having one and needing it. I'd rather be safe than sorry.   I mean no disrespect whatsoever ... but if it were that simple ... why is it so hard to do and so many people have a problem with it.

Sorry about that Djkanna ... I was looking at the placement of the words not the brackets. Now I understand what you were trying to get across to me. Thank you.

Now you have lost me all together because what you have above is the same that I have in my function.

I guess because it is a fault of mine. I over think everything, no matter what it is. ;) The end goal ... well, someone on here (don't remember who and it doesn't matter) once said that you can't create a function to stop sql injection ... or most sql injection. I'm trying to see if it can be done. I thought it would be interesting to at least try anyway.   edit: This is in relation to working with McCodes only though. edit 2: I don't understand what you mean by that. I'm still learning so there are things that I don't get. Should they be in a different order?

Right ... I tried various options as per your suggestions. However, I do not fully understand how to use the filters because of the optional flags, so I went with this instead. I am using mysqli_real_escape_string(); because the manual is saying that mysql_real_escape_string() is depreciated and will be removed in the future. As for the issue with ctype_alnum(), as you said, CavellA it would work great with just numbers and letters. However, for names, most people want to have the option of using spaces or underscores. In that case I would have to use preg_match. My question now is, if I use the function below and a user's input were: Hello, my name is James O'Malley. I was born on October 10, 1960. My mother said and I quote "' You were born on the same date as your father & uncle were. Your grandfather opened an account for you and deposited $1,000.00 in it. Because the account has overdraft protection on it, I withdrew $1,100.00 from it leaving a balance of -$100.00.'" Would it display it exactly as written without inserting any special charcters like &34 (or whatever)?   // Sanitize input function clean($str) { return (htmlspecialchars(strip_tags(trim($str), ENT_QUOTES, "UFT-8"))); } $mess = clean($_POST['mess']); $mess = mysqli_real_escape_string($mess); echo $mess;   My other question is, with: $_GET['ID'] = (isset($_GET['ID']) && !empty($_GET['ID']) && is_numeric($_GET['ID'])) ? abs(@intval($_GET['ID'])) : '';   Is there a way that the user can manipulate this? For example if they were to input; +100 -100 "100" '100' Would it throw an error or would it see the input as strictly 100?

I'm playing around with a project and basically I am trying (for the hell of it) to see if there is a way to cleanup user input. For arguments sake ... a username consisting of just alpha characters. Or better yet ... a username that consists of alpha characters, numbers and the underscore. Then once it goes through the clean function it gets sent to the db and then returned via echo by a variable ... ie echo"{$name}"; . I'm thinking (maybe not very well) that doing it this way makes it easier to print/echo to the screen a lot easier.   edit: Thanks for your suggestion, sniko.

I am curious about something. Would the following code be secure for a non-numerical input?   function clean($in) { return addslashes(htmlspecialchars(strip_tags(trim($in)))); } $name = clean($_POST['name']); $name = mysql_real_escape_string($name);

And another one gets bitten in the ass by our infamous friend. Sorry this happened to ya, mate. Let's hope this works as a warning to others, (Again) to not deal with him.